<?php
	session_start();
	include ("connection.php");

	function ConnectDB(){		
		$mysqli = new connection();
		if ($mysqli->connect_errno) {
		    echo "Fallo al conectar a MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
		}
		
		return $mysqli;
	}

	$link = ConnectDB();
	$user = $_POST['user'];
	$password = sha1($_POST['password']);
	$loggedUser = '';
	$query = $link->prepare("SELECT UserId FROM users WHERE Password = ? and Username = ? ;");
	$query->bind_param("ss",$password,$user);
	$query->execute();
	$query->bind_result($loggedUser);
	$query->fetch();
	$query->close();
	mysqli_close($link);

	if ($loggedUser != ''){
		$_SESSION['user']=$loggedUser;
		header('location: ../about.html');
	}
	else{
		$_SESSION['errorMsg'] = 'usuario/contrase&ntilde;a incorrecta';
		header('location: ../login.html');
	}

?>

